Thursday, 4 December 2014

Cybersecurity: What You Need To Know After Cyber Attack On Sony

News of the hacking emerged last week
with multiple outlets reporting that Sony Pictures sent employees home
after hackers infected the company’s computers. Workers who had logged
in saw messages on their screens including a skeleton and demands to
prevent the release of sensitive data – images of which made their way
onto Reddit, the online bulletin board.

Soon after, a group of hackers known as G.O.P., or Guardians of
Peace, posted internal salary information from Sony Pictures online they
had apparently stolen in their attack. (As Fortunenoted earlier this week,
the data revealed a major racial and gender gap on the company’s
executive team.) Also, this week, at least five movies distributed by
Sony Pictures, including the new remake of Annie and the October-released war epic Fury, leaked onto the web.

Not much is known about the Guardians of Peace, but technology news site Re/code and other outlets have reported
that Sony Pictures plans to announce that the hackers were backed by
the North Korean government. In a few weeks, the studio plans to
premiere the film The Interview, a fictional comedy in which
two journalists try to assassinate North Korean leader Kim Jong Un on
behalf of the CIA. Kim Jong Un has condemned the movie as “an act of
war.” Timereported on Tuesday that North Korea did not deny its involvement in the hack.

Actor Seth Rogen, who stars in The Interview, has responded with some
Twitter humor to the North Korean leader’s anger over the film:

Could more cyber attacks follow?

Well, the FBI went to the trouble of warning U.S. businesses after
the Sony Pictures hack to be on the lookout. The agency sent out a
confidential “flash” Monday that included some of the technical details
of the malicious software used in the hack, but it didn’t directly
mention Sony, according to Reuters.
The FBI’s report noted that the specific malware can shut down computer
networks by overwriting hard drive data, and that it is nearly
impossible to later recover that data.

Is this a growing trend?

Sony Pictures is just the latest company to fall victim to hackers. Retailers like Target TGT0.36%
, Home Depot HD0.44%
and Kmart have all fallen victim to high-profile data
breaches in the past year that resulted in hackers gaining access to
tens of millions of customers’ payment card information. In October,
JPMorgan Chase JPM0.75%
revealed that hackers had compromised the contact information
of roughly 76 million households and another 7 million small businesses
in a data breach that also affected roughly a dozen other banks.

So far, there has been little evidence that the hacking has changed customer behavior, but the attacks have led to dozens of lawsuits (not to mention leaving a blemish on the resumé of Home Depot’s outgoing CEO). Still, the breaches certainly grabbed the attention of the affected companies, with JPMorgan CFO Marianne Lake saying in October that businesses need to cooperate more, and with the government, if they want to fend off future cyber attacks.

In a recent speech, former NSA director Keith Alexander
highlighted the scope of the threat to U.S. businesses and the
government. Alexander, who also called for more cooperation, put cyber
attacks on a similar level of threat to national security as terrorism.

It’s not just businesses. Celebs and Snapchatters have also been targeted.

Over the summer, hackers began posting scores of illicit celebrity
photos — mostly of Hollywood actresses and female athletes — that were illegally swiped from personal iPhones and iCloud accounts. The incident raised concerns about Apple’s AAPL1.13%
security, which the company dismissed. In another attack, hackers released thousands more photos
stolen from a third-party service meant to store temporary images from
Snapchat, the messaging app. Snapchat has previously been breached by hackers who snatched millions of user names and passwords from the service.

How do companies avoid getting hacked?

Large tech companies like Facebook FB-0.77%
and Google GOOG-0.46%spend big bucks for their own internal hackers
to thwart any potential security threats. However, companies’ security
efforts vary in effectiveness, which is why the occasional cyber attack —
like the one at Sony Pictures last week — can do damage.

Fortunewrote last month
about the latest computer bug hackers are using to target protected
information. Google researchers discovered the bug, known as Poodle,
which circumvents older versions of the standard security technology
called Secure Sockets Layer (SSL). The Poodle bug was found to be less
serious than previous bugs like Shellshock/Bash
that required system administrators to apply a new set of patches.
Companies must keep up to date with security patches, but even then,
hackers seem to find new ways to gain access.